
This presentation will show attendees how to perform an initial live analysis of a Linux system in mere minutes. The focus of the talk will be a set of shell scripts that allow an investigator to quickly determine whether or not an incident has occurred without the need to shut down the system to perform traditional dead analysis.

Within 15 minutes the investigator should have a rough idea of what has transpired and will be in a better position to determine if dead analysis is warranted. The shell scripts presented minimize the disturbance to the system and send all information to a forensics workstation over the network.

Nothing beyond basic Linux knowledge (user, not administrator) is required of attendees. Attendees will leave with some tools for live analysis and also a good introduction to shell scripting for those who are new to this topic.

Dr. Phil Polstra was born at an early age and has been programming since age 8 and hacking electronics since age 12. He is currently an Associate Professor teaching Digital Forensics and computer security at Bloomsburg University of Pennsylvania. He is no stranger to infosec conferences, having presented at numerous conferences around the world. He is also an author. Most recently he published a book, "Hacking and Penetration Testing with...